<!DOCTYPE HTML>
<html lang="en-US">

<!-- Begin mPulse library -->
<script>
	(function(){
		// Boomerang Loader Snippet version 10
		if (window.BOOMR && (window.BOOMR.version || window.BOOMR.snippetExecuted)) {
			return;
		}

		window.BOOMR = window.BOOMR || {};
		window.BOOMR.snippetExecuted = true;

		var dom, doc, where, iframe = document.createElement("iframe"), win = window;

		function boomerangSaveLoadTime(e) {
			win.BOOMR_onload = (e && e.timeStamp) || new Date().getTime();
		}

		if (win.addEventListener) {

			win.addEventListener("load", boomerangSaveLoadTime, false);

		} else if (win.attachEvent) {
			win.attachEvent("onload", boomerangSaveLoadTime);
		}

		iframe.src = "javascript:void(0)";
		iframe.title = "";
		iframe.role = "presentation";
		(iframe.frameElement || iframe).style.cssText = "width:0;height:0;border:0;display:none;";
		where = document.getElementsByTagName("script")[0];
		where.parentNode.insertBefore(iframe, where);

		try {
			doc = iframe.contentWindow.document;

		} catch (e) {

			dom = document.domain;
			iframe.src = "javascript:var d=document.open();d.domain='" + dom + "';void(0);";
			doc = iframe.contentWindow.document;
		}

		doc.open()._l = function() {

			var js = this.createElement("script");

			if (dom) {
				this.domain = dom;
			}

			js.id = "boomr-if-as";

			js.src = "https://s.go-mpulse.net/boomerang/" + "TU3LW-WPX5W-YK52N-GNWRK-Z5B9X";
			BOOMR_lstart = new Date().getTime();
			this.body.appendChild(js);
		};
		doc.write('<bo' + 'dy onload="document._l();">');
		doc.close();
	})();
</script>
<!-- END mPulse library -->

   	
	
	

	<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/jquery.min.js"></script>
	<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/utils.min.js"></script>

	<script type="text/javascript">
		if (typeof Granite !== "undefined" && Granite.I18n){
			Granite.I18n.setLocale("en_us" || "en");
		}
	</script>
	
    <head>
    
    
    
    
    <meta charset="UTF-8"/>
    <meta name="viewport" content="width=device-width"/>
	<meta name="description" content="We provide a detailed analysis of the rootkit Umbreon under the ELF_UMBREON family, and also provide samples available to the industry to help others block this threat. "/>
	<meta name="robots" content="index,follow"/>
	<meta name="keywords" content="malware,endpoints,cyber crime,research"/>
	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
	<meta name="template" content="article1withouthero"/>
    <meta property="article:published_time" content="2016-09-05"/>
    <meta property="article:tag" content="cyber crime"/>
    <meta property="article:section" content="research"/>
    
    <link rel="icon" type="image/ico" href="/content/dam/trendmicro/favicon.ico"/>
	<link rel="canonical" href="https://www.trendmicro.com/en_us/research/16/i/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems.html"/>

    <title>Umbreon Linux Rootkit Hits x86, ARM Systems</title>
			 
    

    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600" rel="stylesheet"/>
<link href="//customer.cludo.com/css/296/1798/cludo-search.min.css" type="text/css" rel="stylesheet"/>



    
    
    

    
    
    
    
<link rel="stylesheet" href="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css" type="text/css">



    

    

    <script src="//tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js"></script>
	<meta property="og:url" content="https://www.trendmicro.com/en_us/research/16/i/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems.html"/>
<meta property="og:title" content="Umbreon Linux Rootkit Hits x86, ARM Systems"/>
<meta property="og:description" content="We provide a detailed analysis of the rootkit Umbreon under the ELF_UMBREON family, and also provide samples available to the industry to help others block this threat. "/>
<meta property="og:site_name" content="Trend Micro"/>
<meta property="og:image" content="https://www.trendmicro.com/content/dam/article-large-tile.jpg"/>
<meta property="og:locale" content="en_US"/>

	<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:site" content="@TrendMicro"/>
<meta name="twitter:title" content="Umbreon Linux Rootkit Hits x86, ARM Systems"/>
<meta name="twitter:description" content="We provide a detailed analysis of the rootkit Umbreon under the ELF_UMBREON family, and also provide samples available to the industry to help others block this threat. "/>
<meta name="twitter:image" content="https://www.trendmicro.com/content/dam/article-large-tile.jpg"/>

</head>
    
    <body class="articlepage page basicpage context-business">
		<!-- Page Scroll: Back to Top -->
		<a id="page-scroll" title="VerticalPageScroll" href="javascript:jumpScroll($(this).scrollTop());">
			<span class="icon-chevron-up"></span>
		</a>

        
                      
     		<!-- /* Data Layer */ -->
			<script type="text/javascript">
				var utag_data = {"customer_cookie_type":"business","language_code":"en_us","page_name":"research/16/i/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/en_us","category_id":"en_us/research/16/i/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems","site_section":"research","post_date":"2016-09-05"};
			</script>

			<script type="text/javascript">(function(a,b,c,d){a='//tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js';b=document;c='script';d=b.createElement(c);d.src=a;d.type='text/java'+c;d.async=true;a=b.getElementsByTagName(c)[0];a.parentNode.insertBefore(d,a);})();</script>

            



            
<div class="header globalHeaderV2">

<div class="disruptorPanel">

<div class="disruptor-panel__alert">

	<div class="inner-container">
		<button class="sliding-dismiss-button">
			<span class="button-text">dismiss</span>
			<span class="icon-close"></span>
		</button>
	</div>
</div>
</div>
<div class="main-header new-main-header">
	<!-- Nav Sticky Wrapper -->
	<div class="nav-sticky-wrapper">
		<!-- Top Bar -->
		<div class="top-bar hidden-xs hidden-sm">
			<div class="inner-container">
				<div class="utility-col">
					<div class="utilityMenu utilityMenu-desktop"><nav class="utilityMenu__wrapper">

	<div class="dropdown utilityAlerts ">
	<button class="menu-button" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
		<span class="hidden menu-button__alert-count"></span>
		<span class="menu-button__icon icon-alert"></span>
		<span class="menu-button__text">Alerts</span>
	</button>
	<ul class="hidden dropdown-menu alerts-container ">
	</ul>

<ul class="dropdown-menu no-alerts"><li>No new notifications at this time.</li></ul>

</div>

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown hidden-xs ">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-download"></span>
				<span class="menu-button__text">Download</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li>
							<a href="/en_us/business/products/downloads.html?#t3">
								
								Scan Engines
								
							</a>
						</li>
					
						<li>
							<a href="/en_us/business/products/downloads.html?#t4">
								
								All Pattern Files
								
							</a>
						</li>
					
						<li>
							<a href="/en_us/business/products/downloads.html">
								
								All Downloads
								
							</a>
						</li>
					
						<li class=" is-phone-number ">
							<a href="http://downloadcenter.trendmicro.com/index.php?clk=left_nav&clkval=rss_feed&regs=NABU" target="_blank" rel="noopener noreferrer" class="no-border ">
								
								Subscribe to Download Center RSS
								
							</a>
						</li>
					
				</ul>
			

			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown ">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-cart"></span>
				<span class="menu-button__text">Buy</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li class=" hidden-context-business ">
							<a href="http://store.trendmicro.com/store/tmamer/Content/pbPage.Home/pgm.4823570300/" target="_blank" rel="noopener noreferrer">
								
								Home Office Online Store
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="http://store.trendmicro.com/store/tmamer/html/pbPage.ManualRenew/ThemeID.7735600" target="_blank" rel="noopener noreferrer">
								
								Renew Online
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="/en_us/forHome/products/free-tools.html" target="_blank" rel="noopener noreferrer" class="no-border ">
								
								Free Tools
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_us/partners/find-a-partner.html">
								
								Find a Partner
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_us/business/get-info-form.html">
								
								Contact Sales
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_us/contact.html">
								
								Locations Worldwide
								
							</a>
						</li>
					
						<li class="dropdown-header hidden-context-home is-phone-number ">
							
								
								1-888-762-8736  (M-F 8am - 5pm CST)
								
							
						</li>
					
						<li class="dropdown-header hidden-context-home ">
							
								
								Small Business
								
							
						</li>
					
						<li class=" hidden-context-home ">
							<a href="http://buyonline.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Buy Online
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="http://renewonline.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Renew Online
								
							</a>
						</li>
					
				</ul>
			

			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown stretched-dropdown">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-region"></span>
				<span class="menu-button__text">Region</span>
			</button>
			



			

			
				<div class="dropdown-menu align-">
					<ul class="menu-column col-xs-12 col-sm-4 col-md-3">
						
							<li class="dropdown-header">
								
									
									The Americas
									
								
							</li>
						
							<li>
								<a href="/en_us.html">
									
									United States
									
								</a>
							</li>
						
							<li>
								<a href="/pt_br.html">
									
									Brasil
									
								</a>
							</li>
						
							<li>
								<a href="/en_ca.html">
									
									Canada
									
								</a>
							</li>
						
							<li>
								<a href="/es_mx.html" class="no-border ">
									
									México
									
								</a>
							</li>
						
							<li class="dropdown-header break-column-tablet">
								
									
									Asia Pacific
									
								
							</li>
						
							<li>
								<a href="/en_au.html">
									
									Australia
									
								</a>
							</li>
						
							<li>
								<a href="/en_hk.html">
									
									Hong Kong (English)
									
								</a>
							</li>
						
							<li>
								<a href="/zh_hk.html">
									
									香港 (中文) (Hong Kong) 
									
								</a>
							</li>
						
							<li>
								<a href="/en_in.html">
									
									भारत गणराज्य (India)
									
								</a>
							</li>
						
							<li>
								<a href="/in_id.html">
									
									Indonesia
									
								</a>
							</li>
						
							<li class=" break-column-desktop">
								<a href="/ja_jp.html">
									
									日本 (Japan)
									
								</a>
							</li>
						
							<li>
								<a href="/ko_kr/business.html">
									
									대한민국 (South Korea)
									
								</a>
							</li>
						
							<li>
								<a href="/en_my.html">
									
									Malaysia
									
								</a>
							</li>
						
							<li>
								<a href="/en_nz.html">
									
									New Zealand
									
								</a>
							</li>
						
							<li>
								<a href="/en_ph.html">
									
									Philippines
									
								</a>
							</li>
						
							<li>
								<a href="/en_sg.html">
									
									Singapore
									
								</a>
							</li>
						
							<li>
								<a href="/zh_tw.html">
									
									台灣 (Taiwan)
									
								</a>
							</li>
						
							<li>
								<a href="/th_th.html">
									
									 ประเทศไทย (Thailand)
									
								</a>
							</li>
						
							<li>
								<a href="/vi_vn.html" class="no-border ">
									
									Việt Nam
									
								</a>
							</li>
						
							<li class="dropdown-header break-column-desktop break-column-tablet">
								
									
									Europe
									
								
							</li>
						
							<li>
								<a href="/en_be.html">
									
									België (Belgium)
									
								</a>
							</li>
						
							<li>
								<a href="http://www.trendmicro.cz/">
									
									Česká Republika
									
								</a>
							</li>
						
							<li>
								<a href="/en_dk.html">
									
									Danmark
									
								</a>
							</li>
						
							<li>
								<a href="/de_de.html">
									
									Deutschland, Österreich Schweiz
									
								</a>
							</li>
						
							<li>
								<a href="/es_es.html">
									
									España
									
								</a>
							</li>
						
							<li>
								<a href="/fr_fr.html">
									
									France
									
								</a>
							</li>
						
							<li>
								<a href="/en_ie.html">
									
									Ireland
									
								</a>
							</li>
						
							<li>
								<a href="/it_it.html">
									
									Italia
									
								</a>
							</li>
						
							<li>
								<a href="/en_nl.html">
									
									Nederland
									
								</a>
							</li>
						
							<li class=" break-column-desktop">
								<a href="/en_no.html">
									
									Norge (Norway)
									
								</a>
							</li>
						
							<li>
								<a href="/pl_pl.html">
									
									Polska (Poland)
									
								</a>
							</li>
						
							<li>
								<a href="/ru_ru.html">
									
									Россия (Russia)
									
								</a>
							</li>
						
							<li>
								<a href="/en_fi.html">
									
									Suomi (Finland)
									
								</a>
							</li>
						
							<li>
								<a href="/en_se.html">
									
									Sverige (Sweden)
									
								</a>
							</li>
						
							<li>
								<a href="/tr_tr.html">
									
									Türkiye (Turkey)
									
								</a>
							</li>
						
							<li>
								<a href="/en_gb.html" class="no-border ">
									
									United Kingdom
									
								</a>
							</li>
						
							<li class="dropdown-header break-column-desktop break-column-tablet">
								
									
									Middle East &amp; Africa
									
								
							</li>
						
							<li>
								<a href="/en_me/forHome.html" class=" country-pricing-cookie" data-country-pricing-cookie="ar_EG-EGP">
									
									Egypt
									
								</a>
							</li>
						
							<li>
								<a href="/en_il/forHome.html">
									
									Israel
									
								</a>
							</li>
						
							<li>
								<a href="/en_me/forHome.html" class=" country-pricing-cookie" data-country-pricing-cookie="ar_KW-KWD">
									
									Kuwait
									
								</a>
							</li>
						
							<li>
								<a href="/en_me/forHome.html" class=" country-pricing-cookie" data-country-pricing-cookie="ar_OM-OMR">
									
									Oman
									
								</a>
							</li>
						
							<li>
								<a href="/en_me/forHome.html" class=" country-pricing-cookie" data-country-pricing-cookie="ar_SA-SAR">
									
									Saudi Arabia
									
								</a>
							</li>
						
							<li>
								<a href="/en_za.html">
									
									South Africa
									
								</a>
							</li>
						
							<li>
								<a href="/en_ae.html">
									
									UAE
									
								</a>
							</li>
						
							<li>
								<a href="/en_me/forHome.html" class=" country-pricing-cookie" data-country-pricing-cookie="en_US-USD">
									
									Rest of MEA
									
								</a>
							</li>
						
					</ul>
				</div>
			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown ">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-login"></span>
				<span class="menu-button__text">Log In</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li class=" hidden-context-home ">
							<a href="https://success.trendmicro.com/sign-in" target="_blank" rel="noopener noreferrer">
								
								My Support
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://esupport.trendmicro.com/en-us/home/pages/resources.aspx" target="_blank" rel="noopener noreferrer" class="no-border ">
								
								Log In to Support
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://community-trendmicro.force.com/Partner" target="_blank" rel="noopener noreferrer">
								
								Partner Portal
								
							</a>
						</li>
					
						
					
						
					
						<li class="dropdown-header hidden-context-business ">
							
								
								Home Solutions
								
							
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://www.trendsecure.com/my_account/signin/login" target="_blank" rel="noopener noreferrer">
								
								My Account
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="http://www.trendmicro.com/ilostmyandroid" target="_blank" rel="noopener noreferrer">
								
								Lost Device Portal
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://www.trendsecure.com/report_stolen/locker/report" target="_blank" rel="noopener noreferrer">
								
								Trend Micro Vault
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="http://pwm.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Password Manager
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://clp.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Customer Licensing Portal
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://esupport.trendmicro.com/oct" target="_blank" rel="noopener noreferrer">
								
								Online Case Tracking
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://success.trendmicro.com/sign-in" target="_blank" rel="noopener noreferrer">
								
								Premium Support
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://sso.trendmicro.com/sso/form/authenticate.aspx" target="_blank" rel="noopener noreferrer">
								
								Worry-Free Business Security Services
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://tm.login.trendmicro.com/authenticate/api/false/tmrm" target="_blank" rel="noopener noreferrer">
								
								Remote Manager
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://cloudone.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Cloud One
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://signup.cj.com/member/signup/publisher/?cid=1157059" target="_blank" rel="noopener noreferrer" class="no-border ">
								
								Referral Affiliate
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://signup.cj.com/member/signup/publisher/?cid=1867119#/branded?_k=xaeu3t" target="_blank" rel="noopener noreferrer">
								
								Referral Affiliate
								
							</a>
						</li>
					
				</ul>
			

			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown ">
			
			<a class="utility-menu-button-link" href="/en_us/business/products/trials.html">
				<span class="menu-button__icon icon-free-trial"></span>
				<span class="menu-button__text">Free trials</span>
			</a>



			

			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown ">
			<button class="menu-button desktop-text button-red" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-contact"></span>
				<span class="menu-button__text">Contact Us</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li class=" hidden-context-home ">
							<a href="https://www.trendmicro.com/en_us/business/get-info-form.html">
								
								Contact Sales
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_us/contact.html">
								
								Locations
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://success.trendmicro.com/technical-support">
								
								Support
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_us/partners/find-a-partner.html">
								
								Find a Partner
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_us/about/events.html">
								
								Learn of upcoming events
								
							</a>
						</li>
					
						<li class="dropdown-header hidden-context-home ">
							
								
								Social Media Networks
								
							
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.facebook.com/TrendMicro/">
								
								Facebook
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://twitter.com/trendmicro">
								
								Twitter
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.linkedin.com/company/trend-micro/">
								
								Linkedin
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.youtube.com/user/TrendMicroInc">
								
								Youtube
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.instagram.com/trendmicro/">
								
								Instagram
								
							</a>
						</li>
					
						<li class="dropdown-header is-phone-number ">
							
								
								1-888-762-8736 (M-F 8-5 CST)
								
							
						</li>
					
				</ul>
			

			
		</div>
	

	<div class="dropdown utility-dropdown-search hidden-sm hidden-md hidden-lg">
		<button class="menu-button utility-search-button" type="button">
			<span class="menu-button__icon icon-search-thin"></span>
		</button>
	</div>
</nav>

</div>
				</div>
			</div>
		</div>
		<!-- Bottom Bar -->
		<div class="bottom-bar">
			<div class="inner-container">
				<nav class="mainNavMenu"><!--  Inner Container -->
<div class="inner-container">
	<!--  Logo Toggle Col -->
	<div class="logo-toggle-col">
		<div class="newlogo logo"><a href="/en_us/business.html">
	<img class="hidden-xs" src="/content/dam/trendmicro/global/en/global/logo/logo-desktop.png" alt="Trend Micro Security"/>
	<img class="hidden-sm hidden-md hidden-lg" src="/content/dam/trendmicro/global/en/global/logo/logo-desktop.png" alt="Trend Micro Security"/>
</a>


</div>
		<div class="toggle">
	<div class="toggle-button active">
		<a href="/en_us/business.html" data-businesscontext="true">
			Business&nbsp;
			<span class="icon-chevron-right hidden-xs"></span>
		</a>
	</div>
	<div class="toggle-button">
		<a href="/en_us/forHome.html" data-businesscontext="false">
			For Home&nbsp;
			<span class="icon-chevron-right hidden-xs"></span>
		</a>
	</div>

</div>
		<div class="mobile-right-controls hidden visible-xs visible-sm">
			<a href="#newnavmenu-mobile" class="menu-link toggle-newnavmenu-mobile collapsed" data-toggle="collapse">
				<div class="menu-icon">
					<div class="center-bar"></div>
				</div>
			</a>
			<div class="search-mobile toggle-search-mobile collapsed" data-target="#search-mobile-wrapper" data-toggle="collapse">
				<span class="icon-search"></span>
			</div>
		</div>
	</div>
	<!--  Nav Wrapper -->
	<div class="nav-wrapper collapse to-right dont-collapse-flex-md" id="newnavmenu-mobile">
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Products
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-0" aria-haspopup="true" aria-expanded="false">
						Products
					</button>
					<div class="dropdown-menu" id="nav-dropdown-0">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-bb33d1b6-f588-40ff-a4b8-4ff048550ebd {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-bb33d1b6-f588-40ff-a4b8-4ff048550ebd">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align-full show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-hcs" href="/en_us/business/products/hybrid-cloud.html">Hybrid Cloud Security</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-workload-security" href="/en_us/business/products/hybrid-cloud/cloud-one-workload-security.html">
	Workload Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-conformity" href="/en_us/business/products/hybrid-cloud/cloud-one-conformity.html">
	Conformity
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-container-security" href="/en_us/business/products/hybrid-cloud/cloud-one-container-image-security.html">
	Container Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-file-storage-security" href="/en_us/business/products/hybrid-cloud/cloud-one-file-storage-security.html">
	File Storage Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-application-security" href="/en_us/business/products/hybrid-cloud/cloud-one-application-security.html">
	Application Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-network-security" href="/en_us/business/products/hybrid-cloud/cloud-one-network-security.html">
	Network Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-open-source" href="/en_us/business/products/hybrid-cloud/cloud-one-open-source-security-by-snyk.html">
	Open Source Security
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-network-security" href="/en_us/business/products/network.html">Network Security</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-" id="b-nav-products-network-intrusion-prevention" href="/en_us/business/products/network/intrusion-prevention.html">
	Intrusion Prevention
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-network-advanced-threat-protection" href="/en_us/business/products/network/advanced-threat-protection.html">
	Advanced Threat Protection
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-industrial-network-security" href="/en_us/business/products/iot/industrial-network-security.html">
	Industrial Network Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-mobile-network-security" href="/en_us/business/products/iot/mobile-network-security.html">
	Mobile Network Security
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-user-protection" href="/en_us/business/products/user-protection.html">User Protection</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-" id="b-nav-products-up-endpoint-security" href="/en_us/business/products/user-protection/sps/endpoint.html">
	Endpoint Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-up-email-security" href="/en_us/business/products/user-protection/sps/email-and-collaboration.html">
	Email Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-up-mobile-security" href="/en_us/business/products/user-protection/sps/mobile-security-enterprise.html">
	Mobile Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-up-web-security" href="/en_us/business/products/user-protection/sps/web-security.html">
	Web Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-up-industrial-endpoint" href="/en_us/business/products/iot/industrial-endpoint-security.html">
	Industrial Endpoint
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-detection-response" href="/en_us/business/products/detection-response.html">Detection &amp; Response</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-detection-response-xdr" href="/en_us/business/products/detection-response/xdr.html">
	XDR
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-detection-response-zero-trust" href="/en_us/business/products/detection-response/zero-trust.html">
	Zero Trust Risk Insights
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Powered by</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-key-products-machine-learning" href="/content/trendmicro/en_us/business/technologies/machine-learning">
	AI/Machine Learning
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-key-products-global-threat-intelligence" href="/en_us/business/technologies/smart-protection-network.html">
	Global Threat Intelligence
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-key-connected-threat-defense" href="/en_us/business/technologies/connected-threat-defense.html">
	Connected Threat Defense
	
</a>

</div>

</div>
	</div>
</div>

</div>
<div class="navCategory section">
<div class="white center-align  columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-all-products" href="/en_us/business/products.html">All Products &amp; Trials</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-all-solutions" href="/en_us/business/products/all-solutions.html">All Solutions</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-service-packages" href="/en_us/business/services/service-one.html">Service Packages</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-small-business" href="/en_us/small-business/worry-free-services-advanced.html">Small &amp; Midsize Business Security</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Solutions
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-1" aria-haspopup="true" aria-expanded="false">
						Solutions
					</button>
					<div class="dropdown-menu" id="nav-dropdown-1">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-1958f2ec-0a96-4dad-b8cc-4cc2a3a90fb0 {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-1958f2ec-0a96-4dad-b8cc-4cc2a3a90fb0">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="gray left-align-full show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-solutions-cloud" href="/en_us/business/capabilities/solutions-for/cloud.html">For Cloud</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-cloud-migration" href="/en_us/business/products/hybrid-cloud/cloud-migration-security.html">
	Cloud Migration
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-cloud-native-app-dev" href="/en_us/business/products/hybrid-cloud/cloud-native-application-development.html">
	Cloud-Native App Development
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-cloud-op-excellence" href="/en_us/business/products/hybrid-cloud/cloud-operational-excellence.html">
	Cloud Operational Excellence
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-data-center-security" href="/en_us/business/products/hybrid-cloud/security-data-center-virtualization.html">
	Data Center Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-saas-apps" href="/en_us/business/capabilities/solutions-for/cloud.html">
	SaaS Applications
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red">Internet of Things (IoT)</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-smart-factory" href="/en_us/business/solutions/iot/smart-factory.html">
	Smart Factory
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-connected-car" href="/en_us/business/solutions/iot/connected-car.html">
	Connected Car
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-5g-enterprise" href="/en_us/business/solutions/iot/enterprise-5g-iot.html">
	5G Security for Enterprises
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-solutions-risk">Risk Management</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-ransomware" href="/en_us/business/capabilities/solutions-for/ransomware.html">
	Ransomware
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-end-support-systems" href="/en_us/business/capabilities/solutions-for/end-of-support-systems.html">
	End-of-Support Systems
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-compliance" href="/en_us/business/capabilities/solutions-for/compliance.html">
	Compliance
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-detection-response" href="/en_us/business/products/detection-response.html">
	Detection and Response
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-solutions-industries">Industries</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-healthcare" href="/en_us/business/capabilities/solutions-for/healthcare.html">
	Healthcare
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-manufacturing" href="/en_us/business/solutions/iot/smart-factory.html">
	Manufacturing
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-healthcare" href="/en_us/business/capabilities/solutions-for/federal-government.html">
	Federal
	
</a>

</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Why Trend Micro
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-2" aria-haspopup="true" aria-expanded="false">
						Why Trend Micro
					</button>
					<div class="dropdown-menu" id="nav-dropdown-2">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-f7bc5d40-1d11-42c4-b5ee-756e7d961841 {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-f7bc5d40-1d11-42c4-b5ee-756e7d961841">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-why-trend" href="/en_us/about/why-trend-micro.html">The Trend Micro Difference</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-4cf72a2c-b100-461a-8228-659e5cf76c90">
	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-why-customer-successes" href="/en_us/about/customer-stories.html">
	Customer Successes
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-why-strategic-alliances" href="/en_us/partners/explore-alliance-partners.html">
	Strategic Alliances
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-why-industry-leadership" href="/en_us/about/awards.html">
	Industry Leadership
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Research
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-3" aria-haspopup="true" aria-expanded="false">
						Research
					</button>
					<div class="dropdown-menu" id="nav-dropdown-3">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-99a341e0-3b52-4c91-8c53-d12e05580d3b {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-99a341e0-3b52-4c91-8c53-d12e05580d3b">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="gray left-align-full show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Research</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-640e4981-fcc7-4032-a4fa-06de0838d8ef">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-about" href="/en_us/about/threat-research.html">
	About Our Research
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-analysis" href="https://www.trendmicro.com/vinfo/us/security/research-and-analysis/">
	Research and Analysis
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-news-perspectives" href="/en_us/research.html">
	Research, News and Perspectives
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-sec-reports" href="https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports">
	Security Reports
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-security-news" href="http://www.trendmicro.com/vinfo/us/security/news/" rel="noopener noreferrer" target="_blank">
	Security News
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-research-zero-day-initiative" href="https://www.zerodayinitiative.com/about/" rel="noopener noreferrer" target="_blank">
	Zero Day Initiative (ZDI)
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-simply-security-blog" href="/en_us/research.html">
	Blog
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Research by Topic</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-vulnerabilities" href="https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability">
	Vulnerabilities
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-annual-predictions-21" href="https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2021">
	Annual Predictions
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-deep-web" href="https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/deep-web/">
	The Deep Web
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-iot" href="https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/internet-of-things/">
	Internet of Things (IoT)
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Resources</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-3ae5364b-5665-40e9-b392-ce7fdb452c79">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-devops" href="/en_us/devops.html">
	DevOps Resource Center
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-ciso-center" href="/en_us/ciso.html">
	CISO Resource Center
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-what-is" href="/en_us/what-is.html">
	What is?
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-encyclopedia" href="https://www.trendmicro.com/vinfo/us/threat-encyclopedia/">
	Threat Encyclopedia
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-cloud-health" href="http://trendmicro.com/public-cloud-risk-assessment" rel="noopener noreferrer" target="_blank">
	Cloud Health Assessment
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-cyber-risk" href="/en_us/security-intelligence/breaking-news/cyber-risk-index.html">
	Cyber Risk Assessment
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-enterprise-guide" href="https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/security-strategies-for-enterprises">
	Enterprise Guides
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-glossary" href="https://www.trendmicro.com/vinfo/us/security/definition/a">
	Glossary of Terms
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>
<div class="featuredCampaign">
<div class="featured-campaign">
	<!--Media Container-->
	<div class="featured-campaign--media-container">
		<!--Featured Title-->
		<h5 class="featured-campaign--title title-color-red">Project 2030</h5>

		<!--Feature Image-->
		<figure class="featured-campaign--image-container">
			<a id="b-nav-research-promo-2030-e0ef74-img" target="_blank" href="https://2030.trendmicro.com">
				<img src="/content/dam/trendmicro/global/en/global/navigation/project-2030-nav-banner.jpg" alt="Project 2030"/>
			</a>
		</figure>
	</div>
	<!--Text Container-->
	<div class="featured-campaign--text-container">
		<!--RTE-->
		<div class="featured-campaign--rich-text richText">


	<p>How will the world of cybersecurity evolve by 2030?</p>
<p>Let’s take a look at what the future holds. </p>


</div>

		<!--Featured Link-->
		<div class="featured-campaign--link">
			<a id="b-nav-research-promo-2030-e0ef74" target="_blank" href="https://2030.trendmicro.com">
				Explore our expert video series
				<!--Link Icon (Chevron Right)-->
				<span class="icon-chevron-right"></span>
			</a>
		</div>
	</div>
</div>
</div>
</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Services &amp; Support
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-4" aria-haspopup="true" aria-expanded="false">
						Services &amp; Support
					</button>
					<div class="dropdown-menu" id="nav-dropdown-4">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-d1c26ba2-b7d9-451e-b9ff-eeec59d7ca3e {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-d1c26ba2-b7d9-451e-b9ff-eeec59d7ca3e">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align-content show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Services</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-services-service-one" href="/en_us/business/services/service-one.html">
	Service Packages
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-services-managed-xdr" href="/en_us/business/services/managed-xdr.html">
	Managed XDR
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-services-support-services" href="/en_us/business/services/support-services.html">
	Support Services
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-support-business-support" href="https://success.trendmicro.com/business-support" rel="noopener noreferrer" target="_blank">Business Support</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-787539b9-1bc0-4917-8bf8-e6dc37218f2b">
	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-log-in" href="https://success.trendmicro.com/sign-in" rel="noopener noreferrer" target="_blank">
	Log In to Support
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-tech-support" href="https://success.trendmicro.com/technical-support" rel="noopener noreferrer" target="_blank">
	Technical Support
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-virus-threat-help" href="https://success.trendmicro.com/virus-and-threat-help" rel="noopener noreferrer" target="_blank">
	Virus &amp; Threat Help
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-support-renewals-registration" href="https://success.trendmicro.com/renewals-and-registration" rel="noopener noreferrer" target="_blank">
	Renewals &amp; Registration
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-education-certification" href="https://www.trendmicro.com/en_us/business/products/support-services/education.html" rel="noopener noreferrer" target="_blank">
	Education &amp; Certification
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-contact-support" href="https://success.trendmicro.com/contact-support-north-america" rel="noopener noreferrer" target="_blank">
	Contact Support
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-downloads" href="/en_us/business/products/downloads.html">
	Downloads
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-free-cleanup-tools" href="https://success.trendmicro.com/virus-and-threat-help#threat-removal" rel="noopener noreferrer" target="_blank">
	Free Cleanup Tools
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-find-support-partner" href="/en_us/partners/find-a-partner.html">
	Find a Support Partner
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">For Popular Products</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-84379188-232d-4d01-a26a-2934bea39b8a">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-support-deep-security" href="https://success.trendmicro.com/product-support/deep-security-10-0" rel="noopener noreferrer" target="_blank">
	Deep Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-apex-one" href="https://success.trendmicro.com/product-support/apex-one" rel="noopener noreferrer" target="_blank">
	Apex One
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-worry-free" href="https://success.trendmicro.com/product-support/worry-free-business-security" rel="noopener noreferrer" target="_blank">
	Worry-Free
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-worry-free-renewals" href="http://renewonline.trendmicro.com/us/default.aspx" rel="noopener noreferrer" target="_blank">
	Worry-Free Renewals
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Partners
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-5" aria-haspopup="true" aria-expanded="false">
						Partners
					</button>
					<div class="dropdown-menu" id="nav-dropdown-5">
						<div class="responsiveColumnControl section">





<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-05f83079-fd8d-4994-89bd-ffbbd3d68dd3">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="gray left-align-content show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Channel Partners </a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-71574782-e358-416d-9df8-15479758b1d4">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-overview" href="/en_us/partners/channel-partners.html">
	Channel Partner Overview
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-managed" href="/en_us/partners/channel-partners/managed-service-provider.html">
	Managed Service Provider
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-cloud" href="/en_us/partners/channel-partners/cloud-service-provider.html">
	Cloud Service Provider
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-professional" href="/en_us/partners/channel-partners/professional-services-partner.html">
	Professional Services
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-resellers" href="/en_us/partners/channel-partners/resellers.html">
	Resellers
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-marketplace" href="/en_us/partners/channel-partners/marketplace.html">
	Marketplace
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-system" href="/en_us/partners/channel-partners/systems-integrator.html">
	System Integrators
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Alliance Partners</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-alliance-overview" href="/en_us/partners/alliance-partners.html">
	Alliance Overview
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-alliance-technical" href="/en_us/partners/alliance-partners/technology.html">
	Technology Alliance Partners
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-alliance-explore" href="/en_us/partners/alliance-partners/explore-alliance-partners.html">
	Our Alliance Partners
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Tools and Resources</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-1b4ba98d-a3e3-4d21-a224-5b089282be62">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-find" href="/en_us/partners/find-a-partner.html">
	Find a Partner
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-education" href="/en_us/business/products/support-services/education.html">
	Education and Certification
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partner-tools-stories" href="/en_us/partners/partner-stories.html">
	Partner Successes
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-distributors" href="/en_us/partners/distributors.html">
	Distributors
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-login" href="https://community-trendmicro.force.com/Partner" rel="noopener noreferrer" target="_blank">
	Partner Login
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Company
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-6" aria-haspopup="true" aria-expanded="false">
						Company
					</button>
					<div class="dropdown-menu" id="nav-dropdown-6">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-460985b4-4b2e-48c1-8727-ddbaa1c8cb8c {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-460985b4-4b2e-48c1-8727-ddbaa1c8cb8c">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-company-overview" href="/en_us/about.html">Overview</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-b6401d4e-5c4e-43ba-86f9-815af791662c">
	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-company-leadership" href="/en_us/about/leaders.html">
	Leadership
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-customer-success" href="/en_us/about/customer-stories.html">
	Customer Success Stories
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-alliance-partners" href="/en_us/partners/alliance-partners.html">
	Strategic Alliances
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-industry-accolades" href="/en_us/about/industry-recognition.html">
	Industry Accolades
	
</a>

</div>

</div>

	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-newsroom" href="https://newsroom.trendmicro.com/" rel="noopener noreferrer" target="_blank">
	Newsroom
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-webinars" href="/en_us/about/webinars.html">
	Webinars
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-events" href="/en_us/about/events.html">
	Events
	
</a>

</div>

</div>

	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-company-security-experts" href="/en_us/about/leading-experts.html">
	Security Experts
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-careers" href="/en_us/about/careers.html">
	Careers
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-history" href="/en_us/about/history-vision-values.html">
	History
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-corp-social-responsibility" href="/en_us/about/corporate-social-responsibility.html">
	Corporate Social Responsibility
	
</a>

</div>

</div>

	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-diversity-inclusion" href="/en_us/about/diversity-inclusion.html">
	Diversity, Equity &amp; Inclusion
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-trust-center" href="/en_us/about/trust-center.html">
	Trust Center
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-internet-safety-cyber-ed" href="/en_us/initiative-education.html">
	Internet Safety and Cybersecurity Education
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-investors" href="/en_us/about/investor-relations.html">
	Investors
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-legal" href="/en_us/about/legal.html">
	Legal
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
		
		<div class="dropdown search-dropdown">
			<button class="search-button hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="icon-search-thin"></span>
			</button>
			<div class="dropdown-menu utility-search-target">
				<script type="text/javascript" src="//customer.cludo.com/scripts/bundles/search-script.js"></script>
				<script type="text/javascript">
					var CludoSearch;
					var cludo_language = '';

					switch( window.utag_data.language_code )
					{
						// Cludo dropped the ball on this one
						case 'ja_jp':
							cludo_language = 'jp';
							break;
						case 'in_id':
							cludo_language = 'id';
							break;
						default:
							cludo_language = window.utag_data.language_code.substring( 0, 2 ); // First two letters are the language
							break;
					}

					$(document).ready( function() {
						var cludoSettings = {
							customerId: 296,
							engineId: 1798,
							searchUrl: "/en_us/common/cse.html",
							searchInputs: ["cludo-search-form","cludo-search-form-mobile","cludo-search-content-form"],
							initSearchBoxText: "",
							language: cludo_language,
							endlessScroll: {stopAfterPage:3, resultsPerPage:10, bottomOffset: 145},
							translateSearchTemplates: true,
							loading: "<div class='loader'></div>"
						};

						CludoSearch= new Cludo(cludoSettings);

						CludoSearch.translateProvider.translations[cludo_language]["category_header"] = Granite.I18n.get( "Show" );
						CludoSearch.translateProvider.translations[cludo_language]["your_search_on"] = Granite.I18n.get( "Showing results for" ) + " <span class='highlight'>{{value}}</span> ";
						CludoSearch.translateProvider.translations[cludo_language]["total_results"] = "";
						CludoSearch.translateProvider.translations[cludo_language]["total_result"] = "";
						CludoSearch.translateProvider.translations[cludo_language]["in_category"] = "";
						CludoSearch.translateProvider.translations[cludo_language]["results"] = Granite.I18n.get( "results" );
						CludoSearch.translateProvider.translations[cludo_language]["sort_by"] = Granite.I18n.get( "Sort By" ) + ":";
						CludoSearch.translateProvider.translations[cludo_language]["date"] = Granite.I18n.get( "Date" );
						CludoSearch.translateProvider.translations[cludo_language]["relevance"] = Granite.I18n.get( "Relevance" );
						CludoSearch.translateProvider.translations[cludo_language]["all_results"] = Granite.I18n.get( "All results" );

						CludoSearch.init();
					});
				</script>
				<form class="main-menu-search" aria-label="Search Trend Micro">
					<div class="main-menu-search__field-wrapper" id="cludo-search-form">
						<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
							<tbody>
								<tr>
									<td class="gsc-input">
										<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro"/>
									</td>
								</tr>
							</tbody>
						</table>
					</div>
				</form>
				<button type="button" class="close" aria-label="Close"><span aria-hidden="true">&times;</span></button>
			</div>
		</div>
		<div class="utilityMenu utilityMenu-mobile hidden visible-xs visible-sm">
			<nav class="utilityMenu__wrapper" id="utilityMenu-mobile-wrapper"></nav>
			<div class="collapse-items-container"></div>
		</div>
	</div>
	<div class="search-mobile-wrapper collapse dont-collapse-flex-md hidden-md hidden-lg" id="search-mobile-wrapper">
		<form class="main-menu-search" aria-label="Search Trend Micro">
			<div class="main-menu-search__field-wrapper" id="cludo-search-form-mobile">
				<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
					<tbody>
						<tr>
							<td class="gsc-input">
								<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro"/>
							</td>
							<td class="gsc-search-close collapsed" style="width:1%;" data-target="#search-mobile-wrapper" data-toggle="collapse">
								<span class="icon-close"></span>
							</td>
						</tr>
					</tbody>
				</table>
			</div>
		</form>
	</div>
</div>

</nav>
			</div>
		</div>
		<!-- Sticky Nav -->
		<div class="stickyNav">


<div class="page-nav-wrapper">
	<div class="inner-wrapper">
		<!-- Sticky Nav - Article and Author Pages -->
		
    <!-- Page Properties Container -->
    <div class="page-properties-container">
        <div class="back-caret">
            <a href="https://www.trendmicro.com/en_us/research.html">
                <span class="icon-chevron-left"></span>
            </a>
        </div>
        <div class="display-tag">
            
                <a href="https://www.trendmicro.com/en_us/research.html?category=trend-micro-blogs:threats/cyber-crime">Cyber Crime</a>
            
        </div>
        <div class="page-title">Umbreon Linux Rootkit Hits x86, ARM Systems</div>
    </div>

    <!-- AddThis Container -->
    <div class="addthis_toolbox addthis_default_style">
        <a class="addthis_button_compact addthis_link" href="#">
            <img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg" class="addthis-icon" alt="Share"/>
        </a>
        <a class="addthis_button_print addthis_link" title="Print" href="#" tabindex="1000">
            <img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg" class="addthis-icon" alt="Print"/>
        </a>
        <div class="atclear"></div>
    </div>

    <!-- Subscribe Container -->
    <div class="subscribe">
        <a class="bs-modal" title="Subscribe" href="https://www.trendmicro.com/subscription" data-modal-title="Subscribe" target="target">
            <span class="icon-subscribe"></span> <span class="text">Subscribe</span>
        </a>
    </div>

	</div>
</div>
</div>
	</div>
	<section class="folder-indicators slider">
		<div class="folder-indicators__wrapper">
			<p class="folder-indicators__title">Content added to Folio</p>
			<div class="folder-indicators__button-wrapper">
				<button class="folder-indicators__button counter" id="counter-folder">
					Folio (<span>0</span>)
				</button>
				<button class="folder-indicators__button close">close</button>
			</div>
		</div>
	</section>
</div>
</div>
<div class="root responsivegrid">


<div class="aem-Grid aem-Grid--12 aem-Grid--default--12 ">
    
    <div class="articleBodyNoHero aem-GridColumn aem-GridColumn--default--12"><div class="research-layout article container" role="contentinfo">
    <article class="research-layout--wrapper row" data-article-pageID="2100950186">
        <div class="col-xs-12 col-md-12 one-column">
            <div class="col-xs-12 col-md-12">
                <div class="article-details" role="heading">
	<span class="article-details__bar" role="img"></span>
	<p class="article-details__display-tag">Cyber Crime</p>
	<h1 class="article-details__title">Umbreon Linux Rootkit Hits x86, ARM Systems</h1>
	<p class="article-details__description">We provide a detailed analysis of the rootkit Umbreon under the ELF_UMBREON family, and also provide samples available to the industry to help others block this threat. </p>
	<p class="article-details__author-by">By: Trend Micro
		
			<time class="article-details__date">September 05, 2016</time>
		
		
		<span>Read time:&nbsp;</span><span class="eta"></span> (<span class="words"></span> words)
	</p>

	<div class="article-details__icons">
		<!--Add This-->
		<!-- Go to www.addthis.com/dashboard to customize your tools -->
<div class="addthis_toolbox addthis_default_style">
	<a class="addthis_button_compact addthis_link">
		<img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg" class="addthis-icon" alt="Share"/>
	</a>
	<a class="addthis_button_print addthis_link">
		<img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg" class="addthis-icon" alt="Print"/>
	</a>
</div>

		<!--Add to Folio-->
		<div class="add-to-folio tooltip">
			<span class="icon-folio-thin"></span>
			<div class="right">
				<p>Save to Folio</p>
				<i></i>
			</div>
		</div>

		<!--Subscribe-->
		<div class="subscribe">
			<a class="bs-modal" href="https://www.trendmicro.com/subscription" title="Subscribe" data-modal-title="Subscribe" target="target">
				<span class="icon-subscribe"></span> <span class="text">Subscribe</span>
			</a>
		</div>
	</div>
</div>

            </div>
        </div>
		
		<hr class="research-layout-divider"/>

        <main class="main--content col-xs-12 col-md-8 col-md-push-2">
            <div>
	
    


	

</div>
            <div class="richText">
	
    


	
		<div>
			The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a detailed analysis of the rootkit, and also making the samples available to the industry to help others block this threat.

This rootkit family called Umbreon (sharing the same name as the Pokémon) targets Linux systems, including systems running both Intel and ARM processors, expanding the scope of this threat to include embedded devices as well. (An aside: the rootkit does appear to be named after the Pokémon of the same name. This Pokémon is known for hiding in the night, which is an appropriate characteristic for a rootkit.) We detect Umbreon under the ELF_UMBREON family.

The development of Umbreon began in 2011, and we’ve seen discussions about it in the <a href="http://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/deep-web/">cybercriminal underground</a> since at least 2013. It has been claimed in underground forums and IRC channels by several underground actors that Umbreon is very hard to detect. Our research shows how this rootkit works, and how it is tries to achieve stealth within a Linux environment.

Umbreon is manually installed onto an affected device or server by the attacker. This can be done either physically or remotely (if the attacker has obtained remote access to the device). Once installed, it can be used by the attacker to take control of the affected device.

<b><em>What is a ring 3 rootkit?</em></b>

Rootkits are persistent threats intended to be hard to detect/observe. Its main purpose is to keep itself (and other malware threats) stealthed and totally hidden from administrators, analysts, users, scanning, forensic, and system tools. They may also open a backdoor and/or use a C&amp;C server and provide an attacker ways to control and spy on the affected machine.

There are various execution modes where code can run, with corresponding levels of access. These are:
<ul>
  <li>User mode (ring 3)</li>
  <li>Kernel mode (ring 0)</li>
  <li>Hypervisor (ring -1)</li>
  <li>System Management Mode – SMM (ring -2)</li>
</ul>
Research on running rookits within certain chips on motherboards or other devices has been carried out; such a rootkit would run in ring -3. The lower the level a piece of code runs, the harder it is to detect and mitigate. However, this does not mean a ring 3 rootkit is simple or easy to remove.

A ring 3 rootkit (or usermode rootkit) does not install kernel objects onto the system, but hooks functions from core libraries that are used by programs as interfaces to system calls that run important operations in a system such as reading/writing files, spawning processes, or sending packets over the network. It is perfectly possible to spy on and change the way things are done within an operating system, even from user mode.

On Linux, when a program calls the <em>printf()</em> function there are other cascaded functions called by this one like <em>_IO_printf()</em> and <em>vprintf()</em> that are in the same library. All of these end up calling the <em>write()</em> system call. While a ring 0 rootkit would hook this system call in kernel mode (and this require the insertion of a kernel object/module into the system), a ring 3 rootkit would hook one of the intermediary library functions in userland, removing the need for native code in the kernel (something which would be fairly difficult to achieve).

<em><b>Cross-platform features</b></em>

We were able to successfully get Umbreon running on three different platforms: x86, x86-64 and ARM (Raspberry Pi). The rootkit is very portable because it does not rely on platform-specific code: it is written in pure C, except for some additional tools that are written in Python and Bash scripting.

Our analysis indicates that this was by design: Umbreon's did this intentionally so that it could easily support the three platforms noted above.

<em><b>Backdoor authentication</b></em>

During installation, Umbreon creates a valid Linux user that the attacker can use with a backdoor into the affected system. This backdoor account can be accessed via any authentication method supported by Linux via pluggable authentication modules (PAMs), including SSH.

This user has a special GID (group ID) that the rootkit checks to see if the attacker is attempting to access the system. It is not possible to see this user in files like <em>/etc/passwd</em> because <em>libc</em> functions are hooked by Umbreon. The picture below shows the welcome screen shown when this backdoor account is accessed via SSH:
<p align="center"><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/files/2016/08/umbreon2.png"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2016/08/umbreon2tb.png"/></a></p>
<p align="center"><i>Figure 1. SSH login screen (Click to enlarge)</i></p>
<em><b>Espeon backdoor component</b></em>

This is a non-promiscuous <em>libpcap-</em>based backdoor written in C that spawns a shell when an authenticated user connects to it. (The attackers also named this component after a Pokémon - this time Espeon, which has pronounced ears.) It can be instructed to establish a connection to an attacker machine, functioning as a reverse shell to bypass firewalls.

Espeon captures all TCP traffic that reaches the main Ethernet interface of the affected computer. Once it receives a TCP packet with some special field values, it then connects back to the source IP of this TCP packet. These are the values that Espeon watches out for:
<ul>
  <li>Sequence number (SEQ) is 0xc4</li>
  <li>Acknowledgement number (ACK) is 0xc500</li>
  <li>IP Identification (ID) is 0x0fb1</li>
</ul>
These conditions would all be set by the attacker in a packet he would send to the affected machine. If all three values match, the backdoor connects back to the sending IP address. Here is the disassembled of <em>got_packet()</em> function, where this comparison is performed:
<p align="center"><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/files/2016/08/umbreon3.png"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2016/08/umbreon3tb.png"/></a></p>
<p align="center"><i>Figure 2. Code sample (click to enlarge)</i></p>
<em><b>Hiding pre-loaded configuration files from system call tracing</b></em>

System call tracing is a technique used by a very popular Linux command line tool called <em>strace. </em>It uses the <em>ptrace()</em> syscall to inspect the syscall parameters and return values of other executable files. As Umbreon uses an <em>/etc/ld.so.&lt;random&gt;</em> file to instruct the loader to load itself before any other library used by ELF binaries, it can disguise itself from administrators that use <em>strace</em> by hooking <em>vprintf()</em>, <em>__vfprintf_chk(),</em> and <em>fputs_unlocked(). </em>These are used by different versions of <em>strace </em>to write to a given file descriptor. The following screenshot shows the code that does this for <em>vprintf()</em> in the <em>strace.so </em>component:
<p align="center"><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/files/2016/08/umbreon4.png"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2016/08/umbreon4tb.png"/></a></p>
<p align="center"><i>Figure 3. Code sample(click to enlarge)</i></p>
<em>wrapper_200da0_6b0</em> ends up in the <em>strstr()</em> function. Here, the pre-loaded configuration file is <em>/etc/ld.so.NfitFd2</em> so if any argument passed to <em>vprintf()</em> function contains this text, it will be replaced by <em>/etc/ld.so.preload. </em>An analyst may then believe that this is the file being used by the loader. The screenshot below shows the strings used by this routine:
<p align="center"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2016/08/umbreon5.png"/></p>
<p align="center"><i>Figure 4. Code sample</i></p>
This component also unsets the <em>LD_PRELOAD</em> environment variable so analysts can’t hook the malicious functions.

<em><b>Hiding packets</b></em>

Umbreon also hooks the <em>libpcap</em> functions <em>got_packet()</em> and <em>pcap_loop()</em> and prevents them from returning any information about TCP packets with ports between the lowest port number and highest port number specified in its configuration file. An analyst capturing network traffic with tools like <em>tcpdump</em> on the machine wouldn't be able to capture any backdoor traffic.

<em><b>Umbreon's implementation</b></em>

Umbreon acts as a library that imitates the <em>glibc</em> (GNU C Library). It creates a file called <em>/etc/ld.so.&lt;random&gt;</em> that, according to the <a href="http://man7.org/linux/man-pages/man8/ld.so.8.html">official documentation</a>, has the following function:
<blockquote><code><em>/etc/ld.so.preload</em>              File containing a whitespace-separated list of ELF shared objects to be loaded before the program.</code></blockquote>
Originally, the ELF loader will look for a <em>/etc/ld.so.preload</em> file as the documentation clearly states. However, we found that Umbreon also patches the loader library (<em>/lib/x86_64-linux-gnu/ld-2.19.so</em> as an example) to use <em>/etc/ld.so.&lt;random&gt;</em> instead, where <em>&lt;random&gt;</em> is a 7-character-string, matching the length of &quot;preload&quot;.

Every library path in this file will be loaded before any other ELF program is launched. Inside this file, Umbreon puts the path for its own main library, which contains lots of functions matching the names of <em>glibc</em> functions. The location of this main library is:
<ul>
  <li>/usr/share/libc.so.&lt;random&gt;.${PLATFORM}.ld-2.22.so</li>
</ul>
${PLATFORM} is replaced by the loader with one of the following highlighted values, depending on the target architecture:
<ul>
  <li>/usr/share/libc.so.&lt;random&gt;.<b>v6l.ld</b>-2.22.so (for ARM)</li>
  <li>/usr/share/libc.so.&lt;random&gt;.<b>x86_64</b>.ld-2.22.so (for x86-64)</li>
  <li>/usr/share/libc.so.&lt;random&gt;.<b>i686</b>.ld-2.22.so   (for x86)</li>
</ul>
However, because Umbreon is manually installed onto a compromised machine, this default path may vary. The functions hooked and implemented by the main Umbreon library are:
<ul>
  <li>__fxstat</li>
  <li>__fxstat64</li>
  <li>__lxstat</li>
  <li>__lxstat64</li>
  <li>__syslog_chk</li>
  <li>__xstat</li>
  <li>__xstat64</li>
  <li>access</li>
  <li>audit_log_acct_message</li>
  <li>audit_log_user_message</li>
  <li>audit_send</li>
  <li>chdir</li>
  <li>check_and_fix_ldso</li>
  <li>checkpw</li>
  <li>chmod</li>
  <li>chown</li>
  <li>cleanup</li>
  <li>dlinfo</li>
  <li>dlsym</li>
  <li>esh</li>
  <li>execve</li>
  <li>execvp</li>
  <li>fake_preload_fail</li>
  <li>fchmod</li>
  <li>fchown</li>
  <li>fchownat</li>
  <li>fdopendir</li>
  <li>filesize</li>
  <li>find_dlsym</li>
  <li>find_sym</li>
  <li>fopen</li>
  <li>fopen64</li>
  <li>fstat</li>
  <li>fstat64</li>
  <li>get_hideports</li>
  <li>get_my_procname</li>
  <li>get_procname</li>
  <li>getpath</li>
  <li>getpgid</li>
  <li>getpriority</li>
  <li>getpwnam</li>
  <li>getpwnam_r</li>
  <li>getpwuid</li>
  <li>getsid</li>
  <li>getspnam</li>
  <li>is_dynamic</li>
  <li>is_hideport</li>
  <li>is_ldso32</li>
  <li>is_ldso64</li>
  <li>is_really</li>
  <li>kill</li>
  <li>lchown</li>
  <li>link</li>
  <li>login</li>
  <li>lstat</li>
  <li>lstat64</li>
  <li>netstat</li>
  <li>open</li>
  <li>open64</li>
  <li>openat</li>
  <li>opendir</li>
  <li>pam_acct_mgmt</li>
  <li>pam_authenticate</li>
  <li>pam_open_session</li>
  <li>pam_prompt</li>
  <li>pam_vprompt</li>
  <li>pcap_loop</li>
  <li>procstatus</li>
  <li>procstatus_o</li>
  <li>pututline</li>
  <li>pututxline</li>
  <li>rclocal</li>
  <li>read</li>
  <li>readdir</li>
  <li>readdir64</li>
  <li>readlink</li>
  <li>recover_dirname</li>
  <li>recover_filename</li>
  <li>reinstall_self</li>
  <li>rename</li>
  <li>rmdir</li>
  <li>sched_getaffinity</li>
  <li>sched_getparam</li>
  <li>sched_getscheduler</li>
  <li>sched_rr_get_interval</li>
  <li>setgid</li>
  <li>setregid</li>
  <li>setresgid</li>
  <li>socket</li>
  <li>spoof_maps</li>
  <li>spoof_smaps</li>
  <li>stat</li>
  <li>stat64</li>
  <li>sxor</li>
  <li>symlink</li>
  <li>sysinfo</li>
  <li>syslog</li>
  <li>unfuck_linkmap</li>
  <li>unlink</li>
  <li>unlinkat</li>
  <li>write</li>
</ul>
Many of these function names match existing <em>libc</em> function names. As Umbreon's library is loaded before any other user library when an executable in launched, the loader will resolve these functions' addresses instead of the ones in <em>libc</em>. This way ,an executable will call the malicious functions invisibly.

These malicious functions then inspect the arguments they receive before calling the real ones. Similarly, the output of every command may have been modified before the user sees it. It effectively functions as an in-the-middle attack, modifying both the input and output of system functions. Users cannot trust the outputs of system commands like <em>ps, ls, top,</em> and <em>pstree </em>(among others). Because they all use these <em>libc</em> functions, they will all produce modified outputs.

<em><b>How to detect Umbreon</b></em>

Most of the tools you will find in Linux are written in C. Even programs written in Perl, Python, Ruby, PHP and other scripting languages end up calling GNU C Library wrappers as their interpreters are also written in C. Because Umbreon library hooks <em>glibc</em> functions, creating a reliable tool to detect Umbreon would require a tool that doesn't use <em>glibc</em>.

One way is to develop a small tool to list the contents of the default Umbreon rootkit folder using Linux kernel syscalls directly. This bypasses any malicious C library installed by Umbreon. If the output contains one or more files with names starting with <em>libc.so</em> followed by a random integer, this is the red flag that suggests Umbreon is installed in the machine.

We have also created YARA rules that detect Umbreon, which can be <a href="http://documents.trendmicro.com/assets/20160905-umbreon-yara.txt">downloaded here</a>.

<em><b>Removal Instructions</b></em>

Umbreon is a ring 3 (user level) rootkit, so it is possible to remove it. However, it may be tricky and inexperienced users may break the system and put it into an unrecoverable state. If you are brave enough to proceed, the easiest way is to boot the affected machine with Linux LiveCD and follow the steps:
<ol>
  <li>Mount the partition where the <em>/usr</em> directory is located; write privileges are required.</li>
  <li>Backup all the files before making any changes.</li>
  <li>Remove the file <em>/etc/ld.so.&lt;random&gt;</em>.</li>
  <li>Remove the directory <em>/usr/lib/libc.so.&lt;random&gt;</em>.</li>
  <li>Restore the attributes of the files <em>/usr/share/libc.so.&lt;random&gt;.&lt;arch&gt;.*.so</em> and remove them as well.</li>
  <li>Patch the loader library to use <em>/etc/ld.so.preload</em> again.</li>
  <li>Umount the partition and reboot the system normally.</li>
</ol>
Here is a real-life example (please notice file names <em>will vary </em>as they are randomly chosen by the malware). In the following case, <em>/dev/sda1</em> is the partition containing the <em>/usr</em> directory.
<blockquote><code># mount /dev/sda1 /mnt
# rm -f /mnt/etc/ld.so.khVrkEQ
# rm -rf /mnt/usr/lib/libc.so.41762810374176281037/
# chattr -ai /mnt/usr/share/libc.so.4176281037.*
# rm -f /mnt/usr/share/libc.so.4176281037.*
# sed -i 's:/etc/ld\.so\.khVrkEQ:/etc/ld.so.preload:' /lib/x86_64-linux-gnu/ld-2.19.so
# umount /mnt
# reboot</code></blockquote>
In this case, the <em>chattr</em> command is necessary because Umbreon libraries have a (append-only) and i (immutable) attributes set.

<em><b>Indicators of Compromise</b></em>

The following file samples are tied to this threat:
<ul>
  <li>b5e68f8e23115bdbe868d19d09c90eb535184acd — /.bashrc</li>
  <li>73ddcd21bf05a9edc7c85d1efd5304eea039d3cb — /bin/pkg</li>
  <li>48a6e43af0cb40d4f92b38062012117081b6774e — /bin/espeon-shell (detected as BKDR_UMREON.A)</li>
  <li>88aea4bb5e68c1afe1fb11d55a190dddb8b1586f —/bin/unhide-self</li>
  <li>73ddcd21bf05a9edc7c85d1efd5304eea039d3cb — /bin/zypper and ./bin/emerge</li>
  <li>42802085c28c0712ac0679c100886be3bcf07341 — /bin/umbreon.py</li>
  <li>66d246e02492821f7e5bbaeb8156ece44c101bbc — /bin/espeon (detected as ELF_UMREON.A)</li>
  <li>73ddcd21bf05a9edc7c85d1efd5304eea039d3cb —/bin/yum</li>
  <li>4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72 — /bin/spytty</li>
  <li>73ddcd21bf05a9edc7c85d1efd5304eea039d3cb — /bin/apt-get</li>
  <li>1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e — /bin/.x</li>
  <li>81ad3260c0fc38a3b0f65687f7c606cb66c525a8 — /.init-append</li>
  <li>7b10bf8187100cdc2e1d59536c19454b0c0da46f — /.umbreon-ascii</li>
  <li>96d5e513b6900e23b18149a516fb7e1425334a44 — /.profile</li>
  <li>851b7f07736be6789cbcc617efd6dcb682e0ce54 — /usr/share/libc.so.2284441204.i686.ld-2.22.so (detected as ELF_UMREON.A)</li>
  <li>e2bc8945f0d7ca8986b4223ed9ba13686a798446 — /usr/share/libc.so.2284441204.x86_64.ld-2.22.so (detected as ELF_UMREON.A)</li>
  <li>17b42374795295f776536b86aa571a721b041c38 — /.ldso/strace.so (detected as ELF_UMREON.A)</li>
  <li>394fae7d40b0c54c16d7ff3c3ff0d247409bd28f —/promptlog</li>
  <li>738ac5f6a443f925b3198143488365c5edf73679 —/hideports</li>
  <li>022be09c68a410f6bed15c98b63e15bb57e920a9 — espeon (ARM version, detected as ELF_UMREON.B)</li>
  <li>3762c537801c21f68f9eac858ecc8d436927c77a — pkg (ARM version, detected as ELF_UMREON.B)</li>
  <li>2cd24c5701a7af76ab6673502c80109b6ce650c6 — strace.so (ARM version, detected as ELF_UMREON.B)</li>
  <li>358afd4bd02de3ce1db43970de5e4cb0c38c2848 — umbreon.so (ARM version, detected as ELF_UMREON.B)</li>
</ul>
<em><b>Update as of September 15, 2016, 8:00 PM PDT</b></em>

The developer of Umbreon has been in touch with us since the publication of this post. He told us that he started work on Umbreon in 2011, basing it off three existing rootkits: Jynx, Jynx2, and Azazel. All three are publicly known Linux rootkits. He has expressed his sadness and displeasure at how his code has since been abused by various malicious threat actors.
		</div>
	

</div>
            <div class="image">
	
    


	

</div>
            <div>




</div>
            <section class="tag--list">
	<div class="tag--list-title">Tags</div>
	<div class="tag--list-tags">
		<a href="/en_us/research.html?category=trend-micro-research:threats/malware" class="tag--list-anchor">Malware</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:environments/endpoints" class="tag--list-anchor">Endpoints</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:threats/cyber-crime" class="tag--list-anchor">Cyber Crime</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:article-type/research" class="tag--list-anchor">Research</a>
		
	</div>
</section>

        </main>

        <sidebar class="sidebar--left col-xs-12 col-md-2 col-md-pull-8">
            


<h3 class="article-authors__title">
	
		Authors
	
</h3>

<!-- /* Show Trend Micro if we don't have any authors for this article */ -->
<ul class="article-authors__list">
	<li class="article-authors__list-items">
		<div class="article-authors__wrapper" role="contentinfo authors profile">
			<p class="article-authors__list-items__name">Trend Micro</p>
			<p class="article-authors__list-items__position">
				Research, News, and Perspectives
			</p>
		</div>
	</li>
</ul>



<div class="article-authors__btn-wrapper" role="button">
	<a class="article-authors__button " href="mailto:tm_research@trendmicro.com" target="target" id="article-authors-contact-us-button">
		Contact Us
	</a>
</div>

<div class="article-authors__btn-wrapper subscribe-wrapper" role="button">
	<a class="article-authors__button subscribe bs-modal" href="https://www.trendmicro.com/subscription" data-modal-title="Subscribe" target="target">
		Subscribe
	</a>
</div>
	

    

        </sidebar>

        <sidebar class="sidebar--right col-xs-12 col-md-2">
            <div class="sidebar--wrapper" role="contentinfo sidebar">
                <div class="row-1" role="contentinfo related articles">
                    
	
    


	<div class="related--articles" role="contentinfo related articles">
		<h3 class="related--articles-title">Related Articles</h3>
		 <ul class="related--articles-items">
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_us/research/21/l/examining-log4j-vulnerabilities-in-connected-cars.html">
					Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
				</a> 
			</li>
		
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_us/research/21/l/patch-now-apache-log4j-vulnerability-called-log4shell-being-acti.html">
					Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited
				</a> 
			</li>
		
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_us/research/21/l/log4j.html">
					What to Do About Log4j
				</a> 
			</li>
		</ul>
	</div>

	<div class="archived--link">
		<div class="archived--link-text">
			<a href="/en_us/research.html">
				See all articles
			</a>
		</div>

		<div class="archived--link-icon">
			<a href="/en_us/research.html">
				<span class="icon-chevron-right"></span>
			</a>
		</div>
	</div>


                </div>
            </div>
        </sidebar>
    </article>
</div></div>

    
</div>
</div>
<div class="footer">

<footer class="container-fluid container-fluid--hybrid">
	<div class="footer"><nav class="links-row">
	<div class="inner-container">
		<ul class="links-col">
			<li>
				<a href="/en_us/business/get-info-form.html">
					Contact Sales
				</a>
			</li>
		
			<li>
				<a href="/en_us/contact.html">
					Locations
				</a>
			</li>
		
			<li>
				<a href="/en_us/about/careers.html">
					Careers
				</a>
			</li>
		
			<li>
				<a href="https://newsroom.trendmicro.com/" target="_blank" rel="noopener noreferrer">
					Newsroom
				</a>
			</li>
		
			<li>
				<a href="/en_us/about/trust-center.html">
					Trust Center
				</a>
			</li>
		
			<li>
				<a href="/en_us/about/trust-center/privacy.html">
					Privacy
				</a>
			</li>
		
			<li>
				<a href="/en_us/about/legal/accessibility-policy.html">
					Accessibility
				</a>
			</li>
		
			<li>
				<a href="https://success.trendmicro.com/technical-support" target="_blank" rel="noopener noreferrer">
					Support
				</a>
			</li>
		
			<li>
				<a href="/en_us/business/sitemap.html">
					Site map
				</a>
			</li>
		</ul>
	</div>
</nav>
<div class="social-copyright-row">
	<div class="inner-container">
		<div class="row">
			<ul class="col-md-6 social-media-links">
				<li>
					<a href="https://www.linkedin.com/company/trend-micro" class="icon-" target="_blank" rel="noopener noreferrer">
						linkedin
					</a>
				</li>
			
				<li>
					<a href="https://twitter.com/trendmicro" class="icon-" target="_blank" rel="noopener noreferrer">
						twitter
					</a>
				</li>
			
				<li>
					<a href="https://www.facebook.com/Trendmicro/" class="icon-" target="_blank" rel="noopener noreferrer">
						facebook
					</a>
				</li>
			
				<li>
					<a href="https://www.youtube.com/user/TrendMicroInc" class="icon-" target="_blank" rel="noopener noreferrer">
						youtube
					</a>
				</li>
			
				<li>
					<a href="https://www.instagram.com/trendmicro/" class="icon-" target="_blank" rel="noopener noreferrer">
						instagram
					</a>
				</li>
			
				<li>
					<a href="https://feeds.feedburner.com/TrendMicroSimplySecurity" class="icon-" target="_blank" rel="noopener noreferrer">
						rss
					</a>
				</li>
			</ul>
			<div class="col-md-6">
				<span class="copyright">Copyright © 2021 Trend Micro Incorporated. All rights reserved.</span>
			</div>
		</div>
	</div>
</div>
</div>
</footer>
</div>


			

<!-- /* Core functionality javascripts, absolute URL to leverage Akamai CDN */ -->
<script src="https://www.trendmicro.com/content/dam/trendmicro/global/core-library/sly.min.js"></script>
<script src="https://www.trendmicro.com/content/dam/trendmicro/global/core-library/jwplayer.js"></script>

<script type="text/javascript" src="https://www.youtube.com/iframe_api"></script>

            
    
    
<script type="text/javascript" src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.js"></script>



    


    

    

    
    

            

            
			<!--For Modal-start-->
			<div class="modal-wrap"></div>
			<div class="jwPlayerString hidden">
				<span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk</span>
			</div>
			<!--For Modal-end-->
        

		<!-- Go to www.addthis.com/dashboard to customize your tools -->
		<script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-57bc9d0c3028a052"></script>		
    </body>
</html>
